chore: initial PoC impl

Author: ctron

Cargo.lock

@@ -10,13 +10,24 @@ name = "migration"
 path = "src/lib.rs"
 
 [dependencies]
+trustify-common = { workspace = true }
+trustify-entity = { workspace = true }
+trustify-module-storage = { workspace = true }
+
+bytes = { workspace = true }
+futures-util = { workspace = true }
+anyhow = { workspace = true }
+sea-orm = { workspace = true }
 sea-orm-migration = { workspace = true, features = ["runtime-tokio-rustls", "sqlx-postgres", "with-uuid"] }
+serde-cyclonedx = { workspace = true }
+serde_json = { workspace = true }
+spdx-rs = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
 uuid = { workspace = true, features = ["v5"] }
 
 [dev-dependencies]
 trustify-common = { workspace = true }
-trustify-db  = { workspace = true }
+trustify-db = { workspace = true }
 trustify-entity = { workspace = true }
 trustify-test-context = { workspace = true }
 

migration/Cargo.toml

@@ -0,0 +1,159 @@
+use anyhow::{anyhow, bail};
+use bytes::BytesMut;
+use futures_util::stream::TryStreamExt;
+use futures_util::{StreamExt, stream};
+use sea_orm::{
+    ConnectionTrait, DatabaseTransaction, DbErr, EntityTrait, ModelTrait, TransactionTrait,
+};
+use sea_orm_migration::SchemaManager;
+use trustify_common::id::Id;
+use trustify_entity::{sbom, source_document};
+use trustify_module_storage::service::{StorageBackend, StorageKey, dispatch::DispatchBackend};
+
+#[allow(clippy::large_enum_variant)]
+pub enum Sbom {
+    CycloneDx(serde_cyclonedx::cyclonedx::v_1_6::CycloneDx),
+    Spdx(spdx_rs::models::SPDX),
+}
+
+pub trait Document: Sized + Send + Sync {
+    type Model: Send;
+
+    async fn all<C>(tx: &C) -> Result<Vec<Self::Model>, DbErr>
+    where
+        C: ConnectionTrait;
+
+    async fn source<S, C>(model: &Self::Model, storage: &S, tx: &C) -> Result<Self, anyhow::Error>
+    where
+        S: StorageBackend + Send + Sync,
+        C: ConnectionTrait;
+}
+
+impl Document for Sbom {
+    type Model = sbom::Model;
+
+    async fn all<C: ConnectionTrait>(tx: &C) -> Result<Vec<Self::Model>, DbErr> {
+        sbom::Entity::find().all(tx).await
+    }
+
+    async fn source<S, C>(model: &Self::Model, storage: &S, tx: &C) -> Result<Self, anyhow::Error>
+    where
+        S: StorageBackend + Send + Sync,
+        C: ConnectionTrait,
+    {
+        let source = model.find_related(source_document::Entity).one(tx).await?;
+
+        let Some(source) = source else {
+            bail!("Missing source document ID for SBOM: {}", model.sbom_id);
+        };
+
+        let stream = storage
+            .retrieve(
+                StorageKey::try_from(Id::Sha256(source.sha256))
+                    .map_err(|err| anyhow!("Invalid ID: {err}"))?,
+            )
+            .await
+            .map_err(|err| anyhow!("Failed to retrieve document: {err}"))?
+            .ok_or_else(|| anyhow!("Missing source document for SBOM: {}", model.sbom_id))?;
+
+        stream
+            .try_collect::<BytesMut>()
+            .await
+            .map_err(|err| anyhow!("Failed to collect bytes: {err}"))
+            .map(|bytes| bytes.freeze())
+            .and_then(|bytes| {
+                serde_json::from_slice(&bytes)
+                    .map(Sbom::Spdx)
+                    .or_else(|_| serde_json::from_slice(&bytes).map(Sbom::CycloneDx))
+                    .map_err(|err| anyhow!("Failed to parse document: {err}"))
+            })
+    }
+}
+
+pub trait Handler<D>: Send
+where
+    D: Document,
+{
+    async fn call(
+        &self,
+        document: D,
+        model: D::Model,
+        tx: &DatabaseTransaction,
+    ) -> anyhow::Result<()>;
+}
+
+pub trait DocumentProcessor {
+    async fn process<D>(
+        &self,
+        storage: &DispatchBackend,
+        f: impl Handler<D>,
+    ) -> anyhow::Result<(), DbErr>
+    where
+        D: Document;
+}
+
+impl<'c> DocumentProcessor for SchemaManager<'c> {
+    async fn process<D>(
+        &self,
+        storage: &DispatchBackend,
+        f: impl Handler<D>,
+    ) -> anyhow::Result<(), DbErr>
+    where
+        D: Document,
+    {
+        let db = self.get_connection();
+        let tx = db.begin().await?;
+
+        // TODO: soft-lock database
+        // In order to prevent new documents with an old version to be created in the meantime, we
+        // should soft-lock the database.
+
+        let all = D::all(&tx).await?;
+
+        stream::iter(all)
+            .map(async |model| {
+                let doc = D::source(&model, storage, &tx).await.map_err(|err| {
+                    DbErr::Migration(format!("Failed to load source document: {err}"))
+                })?;
+                f.call(doc, model, &tx).await.map_err(|err| {
+                    DbErr::Migration(format!("Failed to process document: {err}"))
+                })?;
+
+                Ok::<_, DbErr>(())
+            })
+            .buffer_unordered(10) // TODO: make this configurable
+            .try_collect::<Vec<_>>()
+            .await?;
+
+        // TODO: soft-unlock database
+
+        Ok(())
+    }
+}
+
+#[macro_export]
+macro_rules! handler {
+    (async | $doc:ident: $doc_ty:ty, $model:ident, $tx:ident | $body:block) => {{
+        struct H;
+
+        impl $crate::data::Handler<$doc_ty> for H {
+            async fn call(
+                &self,
+                $doc: $doc_ty,
+                $model: <$doc_ty as $crate::data::Document>::Model,
+                $tx: &sea_orm::DatabaseTransaction,
+            ) -> anyhow::Result<()> {
+                $body
+            }
+        }
+
+        H
+    }};
+}
+
+#[macro_export]
+macro_rules! sbom {
+    (async | $doc:ident, $model:ident, $tx:ident | $body:block) => {
+        $crate::handler!(async |$doc: $crate::data::Sbom, $model, $tx| $body)
+    };
+}

migration/src/data/mod.rs

@@ -1,5 +1,7 @@
 pub use sea_orm_migration::prelude::*;
 
+mod data;
+
 mod m0000010_init;
 mod m0000020_add_sbom_group;
 mod m0000030_perf_adv_vuln;
@@ -25,6 +27,7 @@ mod m0001100_remove_get_purl;
 mod m0001110_sbom_node_checksum_indexes;
 mod m0001120_sbom_external_node_indexes;
 mod m0001130_gover_cmp;
+mod m0001140_example_data_migration;
 
 pub struct Migrator;
 
@@ -57,6 +60,7 @@ impl MigratorTrait for Migrator {
             Box::new(m0001110_sbom_node_checksum_indexes::Migration),
             Box::new(m0001120_sbom_external_node_indexes::Migration),
             Box::new(m0001130_gover_cmp::Migration),
+            Box::new(m0001140_example_data_migration::Migration),
         ]
     }
 }

migration/src/lib.rs

@@ -0,0 +1,52 @@
+use crate::{
+    data::{DocumentProcessor, Sbom},
+    sbom,
+    sea_orm::{ActiveModelTrait, IntoActiveModel, Set},
+};
+use sea_orm_migration::prelude::*;
+use trustify_module_storage::service::{dispatch::DispatchBackend, fs::FileSystemBackend};
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // TODO: make this configurable
+        let (storage, _tmp) = FileSystemBackend::for_test()
+            .await
+            .map_err(|err| DbErr::Migration(format!("failed to create storage backend: {err}")))?;
+        let storage = DispatchBackend::Filesystem(storage);
+
+        // process data
+
+        manager
+            .process(
+                &storage,
+                sbom!(async |sbom, model, tx| {
+                    let mut model = model.into_active_model();
+                    match sbom {
+                        Sbom::CycloneDx(_sbom) => {
+                            // TODO: just an example
+                            model.authors = Set(vec![]);
+                        }
+                        Sbom::Spdx(_sbom) => {
+                            // TODO: just an example
+                            model.authors = Set(vec![]);
+                        }
+                    }
+
+                    model.save(tx).await?;
+
+                    Ok(())
+                }),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, _manager: &SchemaManager) -> Result<(), DbErr> {
+        Ok(())
+    }
+}

migration/src/m0001140_example_data_migration.rs

@@ -22,18 +22,18 @@ impl StorageBackend for DispatchBackend {
 
     async fn store<S>(&self, stream: S) -> Result<StorageResult, StoreError<Self::Error>>
     where
-        S: AsyncRead + Unpin,
+        S: AsyncRead + Unpin + Send,
     {
         match self {
             Self::Filesystem(backend) => backend.store(stream).await.map_err(Self::map_err),
             Self::S3(backend) => backend.store(stream).await.map_err(Self::map_err),
         }
     }
 
-    async fn retrieve<'a>(
+    async fn retrieve(
         &self,
         key: StorageKey,
-    ) -> Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + 'a>, Self::Error>
+    ) -> Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + use<>>, Self::Error>
     where
         Self: Sized,
     {

modules/storage/src/service/dispatch.rs

@@ -150,10 +150,10 @@ impl StorageBackend for FileSystemBackend {
         Ok(result)
     }
 
-    async fn retrieve<'a>(
+    async fn retrieve(
         &self,
         key: StorageKey,
-    ) -> Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + 'a>, Self::Error> {
+    ) -> Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + use<>>, Self::Error> {
         match self.locate(key).await? {
             Some((path, compression)) => File::open(&path)
                 .await

modules/storage/src/service/fs.rs

@@ -85,23 +85,26 @@ impl StorageResult {
 }
 
 pub trait StorageBackend {
-    type Error: Debug;
+    type Error: Debug + Display;
 
     /// Store the content from a stream
     fn store<S>(
         &self,
         stream: S,
-    ) -> impl Future<Output = Result<StorageResult, StoreError<Self::Error>>>
+    ) -> impl Future<Output = Result<StorageResult, StoreError<Self::Error>>> + Send
     where
-        S: AsyncRead + Unpin;
+        S: AsyncRead + Unpin + Send;
 
     /// Retrieve the content as an async reader
-    fn retrieve<'a>(
+    fn retrieve(
         &self,
         key: StorageKey,
     ) -> impl Future<
-        Output = Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + 'a>, Self::Error>,
-    >;
+        Output = Result<
+            Option<impl Stream<Item = Result<Bytes, Self::Error>> + Send + use<Self>>,
+            Self::Error,
+        >,
+    > + Send;
 
     /// Delete the stored content.
     ///

modules/storage/src/service/mod.rs

@@ -135,7 +135,7 @@ impl StorageBackend for S3Backend {
     #[instrument(skip(self, stream), err(Debug, level=tracing::Level::INFO))]
     async fn store<S>(&self, stream: S) -> Result<StorageResult, StoreError<Self::Error>>
     where
-        S: AsyncRead + Unpin,
+        S: AsyncRead + Unpin + Send,
     {
         let file = TempFile::with_compression(stream, self.compression).await?;
         let result = file.to_result();
@@ -163,10 +163,10 @@ impl StorageBackend for S3Backend {
         Ok(result)
     }
 
-    async fn retrieve<'a>(
+    async fn retrieve(
         &self,
         StorageKey(key): StorageKey,
-    ) -> Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + 'a>, Self::Error> {
+    ) -> Result<Option<impl Stream<Item = Result<Bytes, Self::Error>> + use<>>, Self::Error> {
         let req = self.client.get_object().bucket(&self.bucket).key(&key);
 
         match req.send().await {